Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

FBI head honcho Christopher Wray is rather peeved that you all think the US government is trying to weaken cryptography, privacy, and online security, by demanding backdoors in encryption software. During a session at the International Conference on Cyber Security at Fordham University, New York, Wray backed a proposal mooted …


              1. CrazyOldCatMan

                Re: the 'special thanks to' credits are often interesting

                Actually never saw LoTR in a movie theatre

                We saw all of them - all on the last showing of the day so as to avoid having crotch-fruit present (makes for a less-interrupted viewing).

                And then we bought the director's cut of each of them to watch at home (for a number of years we watched them all back to back over the Christmas holidays).

                I'd love for them to do some of The Silmarillion but I suspect that it's too broad a scope for them to touch.

                Not that I'm a LOTR geek at all.. (but it was probably the first fantasy book[1] I read - by the age of 11 I'd read them all multiple times (including Silmarillion). However, I didn't read The Hobbit until doing my English O level.

                [1] Of very, very many - I'm averaging one book/day at the moment.

      1. Kevin Johnston

        Re: Here comes the truthiness ...

        I always sit through the credits because often some of the best gags are in the 'out-takes'** they scatter through them.

        **When the film is CGI it is pretty clear they are not out-takes but in-jokes, not that it makes them less funny

  1. elDog

    The solution is obvious and so simple.

    Just use the gov't MILNET (or ARPANET2) or a wide variety of other SCI networks that the US runs.

    Close down the inner-tubes and force everyone to use a non Huawei phone not made anywhere else except in Pennsylvania, Ohio, Michigan, etc. That'll take care of needs for 5G forever.

    Maybe we can piggy-back on the Great Firewall of China for all our security. Altho I'm guessing Trumpf has a lucrative deal with the FSB/IRA.

    Watta world we live in now. It's been fun, comrades.

  2. HildyJ Silver badge
    Unhappy

    They don't care about security

    Any and all "intelligence" agencies, yours, ours, and everybody else's, don't give a damn about who can access your data as long as they can. This is never going to go away.

    1. bombastic bob Silver badge
      Megaphone

      Re: They don't care about security

      It is the nature of gummints to become oppressive police states.

      It is the responsibility of citizens to TAKE ACTION TO PREVENT IT.

      This is a lot like PEST CONTROL. Watch what happens over time if you fail to spray, bait, and/or trap.

      That's right. The RATS and ROACHES will win. So we have to do what we MUST to prevent it.

      1. Kiwi
        Paris Hilton

        Re: They don't care about security

        It is the nature of gummints to become oppressive police states.

        It is the responsibility of citizens to TAKE ACTION TO PREVENT IT.

        But.. Didn't you vote for Trump? Don't you still support him? How is that doing your civic duty to stop such people being in government?

  3. Flocke Kroes Silver badge

    In answer to his question

    "How do you propose to ensure that the hardworking men and women of law enforcement sworn to protect you and your families maintain lawful access to the information they need to do their jobs?"

    I propose firing the next computer illiterate who insists I am not allowed to securely encrypt business transactions to prevent others from spending my money.

    1. Richard 12 Silver badge
      Joke

      Re: In answer to his question

      Using a howitzer. At point blank range.

      But it's ok, the field piece your head is stuffed into is protected by the type of security you're demanding, so you've got nothing to *BOOM* about.

      Oh. Nevermind. Next?

    2. Just Enough

      Re: In answer to his question

      The question is a complete red-herring. I have information in my head. It is, to all intents and purposes, encrypted because only I have the key and access. There is no way for "the hardworking men and women of law enforcement" to access it without my permission. This is a situation that has existed since crime began, and yet "the hardworking men and women of law enforcement" have somehow managed.

      So how is encrypted information on a phone different?

      1. Anonymous Coward

        Re: In answer to his question

        Do you honestly think that the security services wouldn't read your mind to find out what they want to know, if there was a way to do it? That's the difference - there isn't the technology to do it - for now....

        1. Mr Sceptical
          Big Brother

          Re: In answer to his question

          Who needs high-tech mind reading probes??? People get very talkative if it averts a red-hot poker someplace sensitive!

          Failing that, I hear water boarding gets you Grade A intel on The Bad Guys (TM)

          Applies equally to digital or verbal data.. Whether or not you're believed depends on verification of the intel. Or some bastard just enjoys the wet screams...

          1. Charles 9 Silver badge

            Re: In answer to his question

            And if they're dealing with a masochist?

            1. Alumoi Silver badge

              Re: In answer to his question

              Easy, they will threaten with NOT hurting him.

              1. Charles 9 Silver badge

                Re: In answer to his question

                Which is STILL hurting him. Whether it's by beating or by not beating, it's still torture to a masochist, which means he gets off either way: you can't win.

          2. Blank Reg Silver badge

            Re: In answer to his question

            There is no need for hot pokers or any of those other messy methods. A properly worded facebook quiz can get people to spill all kinds of info.

      2. Anonymous Coward

        Re: In answer to his question

        Just Enough,

        " .. I have information in my head. It is, to all intents and purposes, encrypted because only I have the key and access. ..."

        You are forgetting the oft quoted https://www.xkcd.com/538/

        Decryption of 'Your Information' is easier because there *is* a method that can access a built-in 'Backdoor' !!!

        This sort of demonstrates the problem with all forms of Backdoors !!!

        ;) :)

        1. Just Enough

          Re: In answer to his question

          Not forgetting it at all. What I'm saying is the principle is exactly the same.

          In the case of xkcd's example; hitting someone with a wrench until they tell you the encryption password is no different from hitting them with a wrench until they tell you any information you may have.

          1. Charles 9 Silver badge

            Re: In answer to his question

            To which I always ask, "What do you do with a masochist, who would GET OFF on getting hit with a wrench, or a wimp, who would faint at the mere sight of the wrench?" Either way, they're not gonna tell you anything useful.

            1. Kiwi

              Re: In answer to his question

              To which I always ask, "What do you do with a masochist, who would GET OFF on getting hit with a wrench, or a wimp, who would faint at the mere sight of the wrench?" Either way, they're not gonna tell you anything useful.

              Have dealt with many wimps (used to be their king at one stage!) - many would fold long before they fainted. Not all though, some have amazing resilience and pain thresholds well above what is considered normal (also a very strong fear of pain - I can tolerate a lot it seems, but the thought of so much as one of my cat's hairs landing on me almost gives me a panic attack).

              As to masochists, well, any torturer worth the name will get round them. Two simple rules about torture. One is that the info gathered is probably worthless, and two - and the most important one - every one breaks.

              1. Charles 9 Silver badge

                Re: In answer to his question

                "Have dealt with many wimps (used to be their king at one stage!) - many would fold long before they fainted."

                Then they aren't real wimps. REAL wimps would faint first, meaning it's impossible to get anything from them as anything even remotely resembling violence (like an angry dog bark) would make them a gibbering mess if not outright unconscious.

                "...every one breaks."

                Depends on what you mean by breaking. Given people have willingly committed suicide instead of surrendering, I would think there are some who would simply endeavor themselves, regardless of circumstances, to make it so that when they break, they shatter and become utterly useless in any event. Even if totally bound and helpless, they'd probably tap hysterical strength to tear their own bodies apart and bleed out.

  4. GrumpyKiwi

    So what happened to...

    ... the FBI being "the defenders of justice and truth and democracy". Oh that's right, they never were.

    1. big_D Silver badge

      Re: So what happened to...

      Hoover would be proud of what his boys are doing.

      1. Steve K Silver badge
        Coat

        Re: So what happened to...

        Hoover would be proud of what his boys are doing.

        Well Barr was saying to suck it up...….

        1. Nick Kew
          Coat

          Re: So what happened to...

          Thaid with a lithp?

      2. Anonymous Coward

        Re: So what happened to...

        Dam that Hoover

        1. Roj Blake

          Re: So what happened to...

          Your dam that Hoover joke really sucks.

    2. bombastic bob Silver badge
      Unhappy

      Re: So what happened to...

      recent news proves they are AS CORRUPT as anything ELSE in gummint... perhaps WORSE.

      The only answer you should EVER give a federal agent: "I want a lawyer"

      1. Adrian 4 Silver badge

        Re: So what happened to...

        Lawyers being noted for their trustworthiness, honesty etc. right ?

        Or even just staying bought ?

  5. elgarak1

    I said it before, I say it again, albeit much more direct: Anyone who asks for backdoors is either an idiot or a fascist.

    1. Anonymous Coward

      Aren't they usually both?

      1. BebopWeBop Silver badge

        There is an intersection, but real life and observation of politics suggest that the intersection may be large but not 100%

        1. A.P. Veening Silver badge

          But smart fascists don't ask for the impossible, they leave that to idiots, fascist and otherwise.

    2. smudge
      Big Brother

      either an idiot or a fascist.

      A concise but accurate description of the Cabinet selected by new UK PM Johnson. It's an inclusive 'or', of course, so they can be both - see, for example, Priti Patel, the Home Secretary.

      So it's only a matter of time over here. Won't be long before sealed envelopes and sticky tape on parcels are outlawed.

    3. Kiwi
      Gimp

      I said it before, I say it again, albeit much more direct: Anyone who asks for backdoors is either an idiot or a fascist.

      Not quite right.. There are some of us who enjoy "back doors" without being either! ;)

  6. Sgt_Oddball Silver badge
    Coat

    Back doors will not stop..

    Child predators...

    Maybe a pissed off commando or a plucky cop...

    But definitely not backdoors.

    (that said I didn't they let them hunt until they were adults?).

    Mine's the wife beater vest. On second thoughts you can leave it.

  7. whitepines
    Boffin

    You know the simplest solution is going to be to mandate this in the Intel ME / AMD PSP. Phones already have mandated kill switches in the low-level firmware, so precedent is already set. Short term all you can do is try to move away from hardware like that and hope that these morons will be content with catching 90% of the non-technical traffic -- basically Linux/BSD on RISC-V or Power is the only way you're not going to be leaking your private data and conversations everywhere. Oh and mobiles are right out -- time to start practicing "I don't own a mobile phone because of the privacy dangers, please call me at my home/office number".

    Stalin and Hitler would both be so proud. To have achieved mass deployment of the tools required to spy on the populace under the guise of "safety", then turn the spying on after said tools are so ubiquitous that eschewing them will kill the economy, now THAT's an achievement for the history books.

    1. bombastic bob Silver badge
      Devil

      in general you still need physical access to hardware to "take advantage" of any built-in CPU back doors.

      and such a back door could NEVER reliably decrypt encrypted traffic, not if it's done in SOFTWARE. Use of clever stream ciphers might prevent it entirely, since nothing would really be stored in RAM - encrypt or decrypt the stream as it passes by...

      byte -> hash -> lookup table -> new hash -> rotate table with new hash -> encrypted/decrypted output

      so simple! TKIP kinda works this way, too.

      1. Charles 9 Silver badge

        Sure it can. It can operate "outside the envelope" at the points of entry or exit where the content MUST present itself in an encrypted form (neither the Hand v1.0 nor the Eyeball Mk I can directly grok encrypted content).

      2. whitepines
        Big Brother

        I was referring to the fact that Intel/AMD might be quite willing to come to a quiet, closed-door truce with the FBI that goes something like this:

        Since no one knows what's in our magic DRM black boxes anyway, and for bonus points no one can edit out the malware bits we're secretly adding (by design, signing keys and all that), we'll simply snoop on the OS for anything that looks like a key and quietly exfiltrate it over the network. HTTPS using DoH would be nigh undetectable.

        The research on key detection is already done. The black boxes are already in place and have access to memory for some asinine "reason" (excuse) I can't even recall at this point. The only thing missing is the kickback to the vendor to activate the malware (or threat of rubber hosing, though I suspect "we'll ban Huawei if you just do this for us" is a powerful motivator...)

      3. Carpet Deal 'em
        Facepalm

        One of the (nominal) points of the Intel Management Engine is that you can remotely control the computer, even when it's off. In other words, it's meant to undermine everything you just said (and with Intel-qwalitee security, being a person of interest almost guarantees you're screwed). AMD's PSP is less helpful, but I still wouldn't assume you need physical access to plant an OS-proof bug in there.

  8. Anonymous Coward

    Barr...

    What we are seeing here has kind of happened before. In the 19th century there was a Catholic clergyman named Manning whose desire to rise to the top resulted in a degree of sliminess and sycophancy at which a Jacob Rees-Mogg could only wonder.

    Manning wanted to be a Cardinal. Cardinals are appointed by the Pope. So Manning became ultra-Papist.

    But Popes are surrounded by expert flatterers, who speak the language. How could Manning distinguish himself against such powerful opposition? His solution was near-genius. He aligned himself with the idea of Papal infallibility.

    No need to find excuses to visit Rome constantly (though he did find an agent there.) How could you flatter a Pope more than suggest he is infallible? And yet it doesn't look like plain flattery because it hides under a veneer of Catholic doctrine.

    So Manning became a Cardinal...

    Barr seems to be trying the same thing. He has suggested that Trump should have even more power and be a kind of dictator, because Trump is so wonderful. Trump laps it up. And every idea that enters Trump's rather inadequate mind, Barr hails as the Second Coming. Including encryption backdoors.

    Of course when it was clear Manning would be a cardinal he acquired his own train of bootlickers and bottom kissers. As Barr becomes associated with ultra-Trumpism, expect more people who know better to support his, and Trump's, idiocy. It won't affect them. They have people to deal with it. But the money, the fame, the well paid directorships, the high fees for public speaking will surely follow.

    And now Johnson is in a position to go down exactly the same route. He's going to go full Barr. After all, it means the British government can uncover wrongthink too.

    Trump is becoming a Mikado, and we, the ordinary people of the world, are all fucked.

    I guess this is a rant, but it's a rant based on historical parallels.

    1. John Smith 19 Gold badge

      Re: Barr...

      Is Trump's appointee over several more senior people in the Justice department who seemed unwilling to say the Mueller investigation found nothing wrong with Trump's behavior.

      He has been promoted several levels above the level he had any expectation of reaching.

      1. Anonymous Coward

        Re: Barr...

        As was Manning. The technique works.

        1. unimaginative

          Re: Barr...

          Except Manning had a lot of good points, like supporting this:

          https://en.wikipedia.org/wiki/Rerum_novarum

          Also is there any evidence to suggest he was 1) not able and 2) ultramontane out of ambition rather than conviction?

          1. Anonymous Coward

            Re: Barr...

            Fair comment about rerum novarum

            But my point stands, because if the Pope had not been in favour of it, I doubt Manning would have been.

            Manning was doubtless capable, but the effort he put into self promotion showed that he didn't regard himself as someone who (like, say, John Fisher at the Admiralty) would rise to the top purely on merit.

            My point was a general one about people who are so obsessed with obtaining high status that they will even go for credo quia impossibile est as doctrine if it furthers their aim. Barr and co., like that Australian politician (and the Brexiters for that matter) are adopting precisely that principle. If the boss thinks something impossible can be done, stuff reality.

            It used to be the Telegraph that made jokes about union handbooks suspending the laws of physics, but today it's the Right that seems to inhabit the alternative reality universe.

            1. tlhonmey

              Re: Barr...

              And there's your work of genius right there.

              They've managed to redefine how everyone thinks about politics so that the far left is Stalin/Mao while the far right is Hitler/Caesar and to convince everyone that we need a "moderate" who is somewhere in between the two...

              Anyone who suggests that, you know, maybe totalitarianism *isn't* the way to go is ignored, ridiculed, or slammed with waves of patently false accusations until they retire from the public eye depending on what seems likely to shut them up the quickest.

  9. Anonymous Coward

    How does he propose to give "lawful access" to secrets stored in my head?

    Rubber hoses? Why do they think they are entitled to access every scrap of communication? It was well under 100 years where cops were able to 'wiretap' communications, and even then only if criminals used phones and didn't speak in code.

    If encryption is backdoored and people meet in a dark corner of a park at night, I guess he'll insist on the government's right to have a drone follow every person as they walk around, so it can spy on any conversations that person may have. After all, if it is in the interests of law enforcement it must be a good thing, right citizen?

    1. Tim99 Silver badge
      Big Brother

      Re: How does he propose to give "lawful access" to secrets stored in my head?

      Apposite xkcd...

  10. YetAnotherJoeBlow Bronze badge

    "It cannot be a sustainable end state for us to be creating an unfettered space that’s beyond lawful access for terrorists, hackers, and child predators to hide. But that’s the path we’re on now, if we don’t come together to solve this problem."

    See what they are doing? They are trying to raise the bar from IF we implement crypto backdoors to Why not help us backdoor crypto, it will be better then.

  11. Christoph

    How will the US force people in other countries to use communications which it is known the US can decrypt?
